People Doing Online Banking – Be Advised!!! Beware of Comprovante_Internet_Banking.rtf

Word documents are not to be considered safe anymore.  Brazillian Trojan integrates itself into word documents. The bad guys are using an interesting method to bypass the e-mail filtering techniques by file extension of file type. This method will also allow the malware to integrate its malicious code into a document which will surely fool any Antivirus Detection techniques. This particular Trojan is written in Delphi as seen in the source code.

In general you will receive an email message stating “Banking receipt”. The first question you should ask yourself – Are you waiting for such receipt? If you open the word document anyway, you will be presented a blank sheet with something that looks like an image thumbnail of a real receipt. You will be invited to double click it in order to enlarge.

security warning

You will be asked to execute the embedded object and here is how you will get infected and your system become compromised.

Fortunately, my computer was up to date and patched and I was not able to get infected as seen in the image below. This might not be the case with your computer though.

Comprovante_Internet_Banking.rtf

Once, the Cybercriminals steal your personal data and gain access to your bank account, they will generally hire the so called “money mules”. The scheme is the following: The first money transfer from the victim will be sent to the money mule account. The mules then transfer the money to a third account for a commission and your money will be lost forever.

There is no reason to expect that the internet will become safer that is why ordinary people should better educate themselves on internet security.

Leave a Comment